wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7638 from gasbytes/patch

Browse Source 
added check if the buf is at least RECORD_HEADER_SZ
This commit is contained in:
Daniel Pouzzner
2024-06-13 14:27:40 -04:00
committed by GitHub
parent 897d55f060 88527a3d6e
commit 385a097646
1 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/quic.c
View File

@ -188,7 +188,7 @@ static word32 add_rec_header(byte* output, word32 length, byte type)
return RECORD_HEADER_SZ;
}
static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
{
word32 len = qr->end - qr->start;
word32 offset = 0;
@ -197,6 +197,12 @@ static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
if (len <= 0) {
return 0;
}
/* We check if the buf is at least RECORD_HEADER_SZ */
if (sz < RECORD_HEADER_SZ) {
return -1;
}
if (qr->rec_hdr_remain == 0) {
/* start a new TLS record */
rlen = (qr->len <= (word32)MAX_RECORD_SIZE) ?
@ -218,7 +224,7 @@ static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
qr->start += len;
qr->rec_hdr_remain -= len;
}
return len + offset;
return (sword32)(len + offset);
}
@ -766,7 +772,7 @@ cleanup:
/* Called internally when SSL wants a certain amount of input. */
int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
{
word32 n = 0;
sword32 n = 0;
int transferred = 0;
WOLFSSL_ENTER("wolfSSL_quic_receive");
@ -774,6 +780,11 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
n = 0;
if (ssl->quic.input_head) {
n = quic_record_transfer(ssl->quic.input_head, buf, sz);
/* record too small to be fit into a RecordLayerHeader struct. */
if (n == -1) {
return -1;
}
if (quic_record_done(ssl->quic.input_head)) {
QuicRecord* qr = ssl->quic.input_head;
ssl->quic.input_head = qr->next;
@ -791,7 +802,7 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
ssl->error = transferred = WANT_READ;
goto cleanup;
}
sz -= n;
sz -= (word32)n;
buf += n;
transferred += (int)n;
}